Historically, the ICO hasn’t had much power to issue a robust fine to companies which mishandle people’s information. The £500,000 figure was the maximum penalty under the UK’s data protection laws.

But Europe brought in much stricter privacy laws in May: the GDPR. Importantly, these laws give regulators like the ICO much sharper teeth when it comes to issuing fines, with a maximum fine of €20 million or 4% of a company’s global turnover.

Facebook made around $US40 billion (£30.1 billion) in revenue in 2017, meaning its maximum fine under the new laws would be $US1.6 billion (£1.2 billion).

Facebook still has a chance to respond to the ICO before the watchdog makes its final decision. The company is expected to make its case later this month.